Massive DDoS attack takes European Commission offline

As security researchers have warned repeatedly, large distributed denial of service attacks are on the rise. And they are getting more sophisticated and aggressive. After KrebsOnSecurity and Dyn’s DNS fell victim to IoT botnets, millions of requests were sent simultaneously on Nov. 24 to flood the European Commission’s network.

DDoS attacks are more complex than regular DoS attacks because hackers use different computers and internet connections to overwhelm the target’s network with traffic and make it unresponsive. The rise of IoT and its security vulnerabilities have made it easy to compromise multiple connected devices and use them to launch large DDoS attacks.

“No data breach has occurred … the attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time,” said a European Commission spokesperson for Politico, yet a staff member revealed the DDoS attack on the servers was successful, taking down the European Commission’s website.

The Commission was taken offline while the EU-Ukraine Summit was taking place in Brussels, but no direct links were made between the two events.

The attack was also launched on the network gateways, shutting down their internet for hours. The institution dealt with “the saturation of our Internet connection,” read an internal email sent to employees. Although no data was exposed, employees were unable to carry out their work.

The cyberattack was successfully stopped later that evening, as the DIGIT team was fully alert and prepared for more attack waves. The Commission has not revealed information about the origin of the hackers or procedures involved in fighting off the attacks. However, there is an ongoing investigation to detect the origin and identity of the criminals involved.